GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00404.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
n/a GE PACSystems RX3i affected
Version Status Constraints
CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU320 All versions(End of Life) affected

Configuration 1 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe100_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe100:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe115_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe115:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe302_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe302:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe305_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe305:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe310_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe310:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:emerson:rx3i_cru320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cru320:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe330:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:emerson:rx3i_cpe400_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpe400:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:emerson:rx3i_cpl410_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:emerson:rx3i_cpl410:-:*:*:*:*:*:*:*

No data.

No data.

Project Subscriptions

Vendors Products
Emerson Subscribe
Rx3i Cpe100 Subscribe
Rx3i Cpe100 Firmware Subscribe
Rx3i Cpe115 Subscribe
Rx3i Cpe115 Firmware Subscribe
Rx3i Cpe302 Subscribe
Rx3i Cpe302 Firmware Subscribe
Rx3i Cpe305 Subscribe
Rx3i Cpe305 Firmware Subscribe
Rx3i Cpe310 Subscribe
Rx3i Cpe310 Firmware Subscribe
Rx3i Cpe330 Subscribe
Rx3i Cpe330 Firmware Subscribe
Rx3i Cpe400 Subscribe
Rx3i Cpe400 Firmware Subscribe
Rx3i Cpl410 Subscribe
Rx3i Cpl410 Firmware Subscribe
Rx3i Cru320 Subscribe
Rx3i Cru320 Firmware Subscribe
Advisories
Source ID Title
EUVD EUVD EUVD-2019-4979 GE PACSystems RX3i CPE100/115: All versions prior to R9.85,CPE302/305/310/330/400/410: All versions prior to R9.90,CRU/320 All versions(End of Life) may allow an attacker sending specially manipulated packets to cause the module state to change to halt-mode, resulting in a denial-of-service condition. An operator must reboot the CPU module after removing battery or energy pack to recover from halt-mode.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://www.us-cert.gov/ics/advisories/icsa-20-014-01 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-08-04T23:57:39.193Z

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13524

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-16T18:15:11.463

Modified: 2024-11-21T04:25:04.417

Link: CVE-2019-13524

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses